Export limit exceeded: 24835 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24835 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30521 | 2 Oretnom23, Sourcecodester | 2 Loan Management System, Loan Management System | 2026-04-02 | 6.5 Medium |
| A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the interest_percentage. This results in the creation of loan plans with negative interest rates. | ||||
| CVE-2026-4020 | 2026-04-02 | 7.5 High | ||
| The Gravity SMTP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4. This is due to a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback that unconditionally returns true, allowing any unauthenticated visitor to access it. When the ?page=gravitysmtp-settings query parameter is appended, the plugin's register_connector_data() method populates internal connector data, causing the endpoint to return approximately 365 KB of JSON containing the full System Report. This makes it possible for unauthenticated attackers to retrieve detailed system configuration data including PHP version, loaded extensions, web server version, document root path, database server type and version, WordPress version, all active plugins with versions, active theme, WordPress configuration details, database table names, and any API keys/tokens configured in the plugin. | ||||
| CVE-2026-34518 | 2026-04-02 | 3.7 Low | ||
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. This issue has been patched in version 3.13.4. | ||||
| CVE-2026-29143 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers. | ||||
| CVE-2026-29144 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | ||||
| CVE-2026-29137 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | ||||
| CVE-2026-5032 | 2026-04-02 | 7.5 High | ||
| The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw mfunc/mclude dynamic fragment HTML comments — including the W3TC_DYNAMIC_SECURITY security token — to be rendered in the page source. This makes it possible for unauthenticated attackers to discover the value of the W3TC_DYNAMIC_SECURITY constant by sending a crafted User-Agent header to any page that contains developer-placed dynamic fragment tags, granted the site has the fragment caching feature enabled. | ||||
| CVE-2026-2343 | 2 Peprodev Ultimate Invoice, Wordpress | 2 Peprodev Ultimate Invoice, Wordpress | 2026-04-02 | 5.3 Medium |
| The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably making it possible to brute force and retreive PII. | ||||
| CVE-2025-22117 | 1 Linux | 1 Linux Kernel | 2026-04-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in function ice_vc_fdir_parse_raw() by verifying if it does not exceed the VIRTCHNL_MAX_SIZE_RAW_PACKET value. | ||||
| CVE-2026-29141 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | ||||
| CVE-2026-29135 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | ||||
| CVE-2026-29133 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-02 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | ||||
| CVE-2026-20093 | 2026-04-02 | 9.8 Critical | ||
| A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to bypass authentication, alter the passwords of any user on the system, including an Admin user, and gain access to the system as that user. | ||||
| CVE-2026-20151 | 2026-04-02 | 7.3 High | ||
| A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to the improper transmission of sensitive user information. An attacker could exploit this vulnerability by sending a crafted message to an affected Cisco SSM On-Prem host and retrieving session credentials from subsequent status messages. A successful exploit could allow the attacker to elevate privileges on the affected system from low to administrative. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of System User. Note: This vulnerability exposes information only about users who logged in to the Cisco SSM On-Prem host using the web interface and who are currently logged in. SSH sessions are not affected. | ||||
| CVE-2026-3774 | 2026-04-02 | 4.7 Medium | ||
| The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven updates are not fully covered by the existing redaction, encryption, and printing logic, which, under specific document structures and user workflows, may cause a small amount of sensitive content to remain unremoved or unencrypted as expected, or result in printed output that slightly differs from what was reviewed on screen. | ||||
| CVE-2026-34525 | 2026-04-01 | 5.4 Medium | ||
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4. | ||||
| CVE-2026-4927 | 2026-04-01 | 6.5 Medium | ||
| Exposure of sensitive information in the users MFA feature in Devolutions Server allows users with user management privileges to obtain other users OTP keys via an authenticated API request. This issue affects Server: from 2026.1.6 through 2026.1.11. | ||||
| CVE-2025-67807 | 2026-04-01 | 4.7 Medium | ||
| The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions. | ||||
| CVE-2026-34442 | 1 Freescout | 1 Freescout | 2026-04-01 | 5.4 Medium |
| FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External Resource Loading and Open Redirect behavior. When the application constructs links and assets using the unvalidated Host header, user requests can be redirected to attacker-controlled domains and external resources may be loaded from malicious servers. This issue has been patched in version 1.8.211. | ||||
| CVE-2026-33029 | 1 0xjacky | 1 Nginx-ui | 2026-04-01 | 6.5 Medium |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive. This issue has been patched in version 2.3.4. | ||||